<CFX_CFMEncrypt>
Hompage: http://www.rixsoft.com/ColdFusion/CFX/CFMEncrypt/
Download the C++ source: cfmencrypt.cpp
Download the archive (DLLs, C++ source, readme): cfmencrypt.zip
This program is based on the original CFDECRYPT source by Matt Chapman <matthewc@cse.unsw.edu.au>.
Purpose
Encrypts and decrypts CFML templates. Encryption, like CFCRYPT.EXE, produces executable CFML templates. Decryption performs just like the CFDECRYPT utility by Matt Chapman. You now have both sets of functionality in a CFX tag. Go to town.
Reference
Decryption Procedure
- Get the header size from the top of the file (it is in plaintext). For version 1 encryption, the custom header is included in this number, but version 2 encrypts the header with the sourcecode and has some extra junk for the next 16 bytes. (Don't know what this is yet.)
- Setup your DES.
- Decrypt the ciphertext in 8-byte chunks. If you are using version 2 system, look for the first 0x1a to signal the end of the custom header.
- The remaining bytes in the file are just XORed with their position past the header. (Hint: Don't store your passwords in the last 7 bytes! ;)
Encryption Procedure
- Write the header, including the size and the custom header.
- Setup your DES.
- Encrypt the plaintext in 8-byte chunks.
- The remaining bytes in the file are just XORed with their position past the header.
Usage
Parameters
- MODE="ENCRYPT|DECRYPT"
- Required.
- INFILE="(filename)"
- The source, coming from a file. Mutually exclusive to INPUT.
- INPUT="(text)"
- The source, coming from a CF variable. Mutually exclusive to INFILE.
- OUTFILE="(filename)"
- The file you want results to go to. May be combined with OUTPUT.
- OUTPUT="(varname)"
- The CF variable you want the results to go back into. May be combined with OUTFILE.
- HEADER="(text)"
- Optional. Custom header text to be prepended to the CF file. I really have no idea what this is used for, but I've put it in here anyway.
- ERROR="(varname)"
- Returns an error (or error code) into CF variable varname. Note that this may not always be set. If you do a CFTRY, it succeeds, and your error variable is not set, then you may safely assume that everything worked. Defaults to CFMEncrypt.Error.
Example
<!--- Add Yahoo/Geocities-style footers --->
<CFX_CFMENCRYPT MODE="DECRYPT" INFILE="source.cfm" OUTPUT="Source" ERROR="ThisError">
<CFIF ThisError IS NOT "">
<CFABORT SHOWERROR="Could not decrypt! #ThisError#">
</CFIF>
<CFSET Custom=Source & Chr(13) & Chr(10) & "<P>Thank you for using Rick's server!</P>">
<CFX_CFMENCRYPT MODE="ENCRYPT" INPUT="#Custom#" OUTFILE="source.cfm" HEADER="Hosted by Rick">
|
Notes
- Anything coming out of an ENCRYPT operation, or into a DECRYPT operation, is binary data. I suggest you don't try to manipulate this in variables. That's what files are for.
- This version only does version 1 format files. Until I figure out what the extra 16 bytes in the new version are, I don't want to mess with version 2. Besides, it works.
Creative Uses
- Become a CF service host that uses only the ADK. Provide web-based file upload that automagically encrypts templates as they are uploaded. Save yourself lots of money by not having to buy the full version.
- "Safety scan" templates that you don't have control over. (Find people trying to use the hidden admin functions when they shouldn't be.)
- Write some CF scripts to run nightly:
- Check out the stable source tree from your version control software.
- Encrypt the source.
- Upload the encrypted source to your clients.
- Write a "Windows Update"/"LiveUpdate" kind of on-demand updating for your production code:
- Code on client end checks in nightly for revisions.
- When new things are found, encrypt them and send them.
Installation
Install this just as you would any other CFX tag. Note that the ZIP file should come with two versions: Debug and Release. You only need to install one of them.
Why use this and not CFCRYPT?
No major reasons. Maybe you don't want to use CFEXECUTE. Maybe this is actually faster than shelling out every time you want to encrypt a template.
Last Updated: 2000-May-29